CVE-2023-43757

MEDIUM

Multiple Routers - Info Disclosure

Title source: llm

Description

Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section.

Exploits (1)

nomisec STUB

by sharmashreejaa · poc

https://github.com/sharmashreejaa/CVE-2023-43757

View Code ZIP pw:eip

References (4)

[Third Party Advisory] https://jvn.jp/en/vu/JVNVU94119876/

[Third Party Advisory] https://www.elecom.co.jp/news/security/20210706-01/

[Third Party Advisory] https://www.elecom.co.jp/news/security/20230810-01/

[Third Party Advisory] https://www.elecom.co.jp/news/security/20231114-01/

Scores

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 13.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-326

Status published

Products (34)

elecom/lan-w300n\/p_firmware

elecom/lan-w300n\/rs_firmware

elecom/lan-w301nr_firmware

elecom/lan-wh300n\/dgp_firmware

elecom/lan-wh300ndgpe_firmware

elecom/wrc-1167ghbk2_firmware

elecom/wrc-1167ghbk_firmware

elecom/wrc-1750ghbk-e_firmware

elecom/wrc-1750ghbk2-i_firmware

elecom/wrc-1750ghbk_firmware

... and 24 more

Published Nov 16, 2023

Tracked Since Feb 18, 2026